Regulation Roadmap Q4

Q4 2025 brings pivotal consultations on cryptoassets, open banking, and instant payments, alongside the FCA’s safeguarding overhaul and EU instant payments deadlines. This roadmap sets out the critical reforms, timelines, and risks that payments leaders must track to stay ahead in a tightening regulatory environment.

Introduction

About the roadmap

Regulatory change spans every facet of the value chain, from consumer protection and market conduct to digital resilience and cross-border interoperability. In the UK, the Financial Conduct Authority’s (FCA) safeguarding overhaul, the expansion of Consumer Duty, and the potential removal of contactless limits illustrate the regulator’s focus on customer outcomes. Meanwhile, the Bank of England and HM Treasury continue to drive structural reform through ISO 20022 migration, the review of the digital pound, and preparations for T+1 settlement.

In the European Union (EU), regulation continues at a rapid pace. The Digital Operational Resilience Act (DORA) is now in force, PSD3 and the Payment Services Regulation are progressing through negotiations, and the Instant Payments Regulation is hardwiring real-time settlement into the Single Euro Payments Area. Alongside these initiatives, the digital euro and Markets in Crypto-Assets regulation (MiCA) are shaping the next generation of retail money and cryptoasset regulation.

Globally, the US’s GENIUS Act introduces the first federal stablecoin regime, underscoring the international dimension of digital asset oversight. Although there is convergence on stablecoin regulation, with the EU, US, and proposed legislation in the UK all stipulating full-reserve backing, prudential standards, and licensing requirements for issuers, divergence remains on scope, enforcement, and timelines.

The Payments Regulation Roadmap Q4 2025 outlines the policy landscape for payments, detailing key regulations chronologically, identifying the legal risks they pose, and suggesting next steps to address these.

Foreword

The payments industry is entering a decisive period where regulatory change is accelerating across multiple fronts at once. This Q4 roadmap is intended to give our members clarity on what lies ahead, from safeguarding reforms and instant payments deadlines to open banking’s future framework and the first phase of comprehensive cryptoasset regulation. The coming year will demand careful horizon scanning, disciplined implementation planning, and a strategic view of how compliance can strengthen resilience and competitiveness. For payments leaders, the challenge is not only to meet new obligations but to turn regulatory readiness into market advantage.
Benjamin David
Head of Intelligence

Recent and immediate developments: Q4 2025

Q4 2025 delivers a wave of consultations and deadlines that will set the tone for the next phase of payments regulation, from the FCA’s contactless proposals to ISO 20022 migration and EU instant payments adoption. These measures bring pressing compliance demands and operational challenges that firms must address now to avoid disruption and regulatory risk.

FCA consultation period on proposals to remove the limit for contactless payments

The FCA has launched a consultation on proposals to remove the regulatory cap of £100 on contactless transaction limits (raised from £45 in 2021). Issuers would retain discretion to set product or customer-level limits based on needs, risk appetite, and fraud prevention controls. Customers could continue to personalise their limits or disable contactless altogether.

In 2023, contactless accounted for 38% of UK payments, with a third of adults using it at least once a month. Contactless fraud rates remain low—around 1.3p per £100 spent compared with 6p per £100 for all unauthorised fraud—as reported by UK Finance’s Annual Fraud Report 2025

David Geale, executive director of payments and digital finance at the FCA, said“We‘re seeing smarter payment technology and more well-established fraud controls, so it’s the right time to let firms tailor contactless payments to fit their customers’ needs and drive innovation. While we wouldn’t expect to see immediate changes to limits by firms, they would have the flexibility to make payments more convenient for customers.”

The proposals are out for consultation until 15 October 2025. Responses can be submitted by online survey or by emailing [email protected].

  • Removal of the £100 cap could increase fraud exposure if controls are inadequate
  • Regulatory challenge under the Consumer Duty if customer safeguards are weak
  • Need for alignment with card-scheme rules on limit setting
  • Merchant terminals, gateways and settlement systems must be updated for higher or varied thresholds
  • Submit consultation responses by 15 October 2025 (via FCA online survey or email to [email protected])
  • Run fraud-loss scenario testing for higher limits and present findings to product governance committees
  • Review card-scheme rule updates and confirm merchant terminal readiness with acquiring partners
  • Update internal product and risk documentation to reflect potential removal of the cap

ISO 20022: Implementing the global payments messaging standard within CHAPS and RTGS

From November 2025, CHAPS payments must use structured remittance data in pacs.008 messages. Direct Participants (DPs) may use Hybrid Addresses (part-structured, part-unstructured), although the Bank of England encourages full adoption of structured addresses.

This change aligns the UK with other jurisdictions migrating to ISO 20022 ahead of SWIFT’s retirement of the MT standard in November 2025, advancing the shift to a single, global payments messaging language.

ISO 20022 is more versatile than existing standards, supporting richer and better structured data fields, including:

  • Purpose Codes
  • Legal Entity Identifiers (LEIs)
  • Structured remittance information
  • Structured addresses
  • Extended character set
  • Data readiness: Payment systems may fail to ingest or transmit enhanced fields (LEIs, Purpose Codes) unless databases, formats, and APIs are upgraded, creating reconciliation and compliance risks
  • Governance and compliance: Non-compliant messages currently pass, but firms must self-attest and remediate under the CHAPS Rulebook; from late-2026, unstructured addresses will be rejected outright, leading to settlement failures if not addressed
  • Stakeholder coordination: Inadequate coordination with corporates and vendors (notably in property transactions) could result in missing Purpose Codes or LEIs, exposing firms to sanctions-screening gaps and operational disruption
  • Engage with the Bank of England and Pay.UK through the Standards Advisory Panel and Enhanced Data Working Group to influence implementation
  • Build an ISO 20022 data dictionary and map all current SWIFT MT fields to MX equivalents
  • Run end-to-end test packs with top corporates, counterparties, and vendors to validate enriched data flows
  • Evidence CHAPS self-attestation requirements with management information and audit artefacts
  • Prepare for the late-2026 rejection of unstructured addresses by ensuring systems and client processes are fully structured

UK Stablecoin & Cryptoasset Regime: Consultation paper on trading platforms, intermediation, lending, and staking

The FCA is expected to consult in late 2025 or early 2026 on a new framework for cryptoasset and stablecoin trading platforms, intermediation, lending, and staking. While details are pending, the regime is likely to borrow from the EU’s Markets in Crypto-Assets Regulation (MiCA) and elements of UK financial services law, with emphasis on prudential soundness, market integrity, and consumer protection.

Trading platforms are expected to be brought within the regulatory perimeter as recognised trading venues requiring FCA authorisation. Anticipated obligations include segregation of client assets, capital adequacy, conflict-of-interest rules, and governance standards for execution and transparency.

Intermediation—defined as broking or arranging cryptoasset or stablecoin transactions for clients—may require permissions similar to those held by investment intermediaries, with disclosure duties, prudential requirements, and suitability or appropriateness checks aligned to consumer risk profiles.

Lending, where customers deposit assets with a platform in return for yield, is likely to be treated as a regulated activity akin to deposit-taking or investment contracts. This would entail prudential and liquidity standards, clear risk disclosures covering rehypothecation and counterparty default, and restrictions on misleading yield marketing.

Staking—the delegation or lock-up of cryptoassets to validate transactions in return for rewards—remains less settled. Regulators internationally are divided: some treat it as a form of collective investment scheme, while others see it as a custody-related activity.

  • Regulatory uncertainty pending consultation, with risk of gaps if existing permissions do not cover trading, intermediation, lending, or staking
  • Potential requirements for client asset segregation, capital and liquidity standards, and enhanced disclosure obligations
  • Staking and lending models may be treated as deposit-taking, investment contracts, or collective investment schemes, creating perimeter and compliance risks
  • Consumer-protection scrutiny likely to increase under the Consumer Duty if firms overstate yields or understate risks
  • Engage with the FCA consultation when published and coordinate industry responses through trade bodies
  • Map existing cryptoasset and stablecoin activities against potential regulatory permissions to identify perimeter risks
  • Begin designing segregation of client assets and enhanced disclosures for lending and staking models
  • Prepare draft governance, capital, and risk frameworks aligned to likely MiCA-style requirements

HMT open banking regulatory framework; finance and performance data integration system

HMT, working with the FCA, PSR and CMA, is developing a long-term regulatory framework for open banking to secure existing gains, unlock new use cases, and establish a sustainable economic model. A statutory instrument is expected in Q4 2025 anchored in the forthcoming Data (Use and Access) Bill. This legislation will create a statutory “smart data scheme”, extending portability rights beyond banking into other consumer and SME sectors.

In parallel, HMT is progressing its Finance and Performance Data Integration System (FPDIS), a cross-government programme to integrate departmental finance and performance data in near real time. The initiative aims to replace fragmented manual reporting with a unified platform, improving transparency, cutting duplication, and allowing departments to focus on delivery rather than compliance reporting. While not specific to payments, it signals the government’s wider drive to “rewire the state” and advance the Shared Services Strategy for Government.

  • Uncertainty over liability allocation and governance until the statutory instrument is published
  • Potential need to re-paper multilateral agreements (MLAs) and commercial arrangements, especially for variable recurring payments (VRPs)
  • Risk of divergence between UK smart data provisions and EU/other international data-sharing regimes, complicating cross-border operations
  • Track the passage of the Data (Use and Access) Bill and prepare for changes to API standards, liability allocation, and open banking’s economic model
  • Identify opportunities to pilot variable recurring payments (VRPs), account-to-account payments, and cross-sector Smart Data applications
  • Begin assessing potential re-papering needs for multilateral agreements and commercial VRP contracts once draft statutory text is available

National Payments Vision delivery committee update

The National Payments Vision (NPV) sets out the government’s ambition for a “world-leading payments ecosystem” underpinned by next-generation technology, competition, security, and regulatory clarity. To drive delivery, HM Treasury, the Bank of England, the FCA, the PSR, Pay.UK and industry stakeholders are represented on a new Payments Vision Delivery Committee (PVDC).

In July 2025 the PVDC announced a new model for the next generation of UK retail payments infrastructure and established the Retail Payments Infrastructure Board (RPIB) as its senior advisory group. The RPIB will translate the PVDC’s strategy into design, with its first meeting scheduled for October 2025.

The PVDC’s Payments Forward Plan, due by the end of the year, will set out a sequenced programme of retail and wholesale initiatives, including the role of digital assets, interoperability, and infrastructure modernisation.

  • Extended period of dual-running legacy and next-generation systems will increase cost and operational complexity
  • Risk of vendor lock-in or fragmented governance during transition
  • Potential control gaps where processes span both infrastructures, raising operational and regulatory risk
  • Uncertainty for firms investing in technology upgrades before the Payments Forward Plan is finalised
  • Provide feedback to the Bank of England, which is setting up and chairing the RPIB, by emailing: [email protected]
  • Assess current infrastructure, vendor contracts, and technology stacks against the NPV’s stated objectives
  • Map dependencies across schemes, CHAPS, Faster Payments, card acquiring, and ISO 20022 initiatives to identify transition risks
  • Build internal governance and programme plans that can flex once the Payments Forward Plan is published

FCA statement on the design of the Future Entity for UK open banking

The UK is progressing towards the creation of a Future Entity to oversee open banking standards and ensure interoperability across the ecosystem. Although still subject to legislation, the current intention is that the body will be a company limited by guarantee, operating on a not-for-profit basis. It will act as the primary standard-setting organisation for open banking APIs, with responsibilities expected to include: setting baseline technical standards, monitoring API performance, providing certification and directory services, and supporting commercial schemes through the development of multilateral standards.

The Future Entity will not itself have statutory enforcement powers. Instead, the FCA has been designated as the lead regulator for open banking under the National Payments Vision, with the authority to act where firms fall short.

The FCA intends to publish further detail on the Future Entity’s design by the end of 2025, following a series of industry workshops in autumn. No public timeline has yet been set for when the Future Entity will assume its role as the UK’s primary standard-setting body for open banking.

  • Lack of statutory enforcement powers may create uncertainty over how non-compliance with API standards will be addressed
  • Failure to meet baseline API standards could lead to exclusion from certification or directories, reputational damage, and FCA intervention
  • Risk of inconsistency or overlap between the Future Entity’s standards and existing scheme/MLA obligations, complicating implementation
  • Participate in FCA workshops and consultations during 2025 to influence the Future Entity’s governance, funding model, and technical standards
  • Assess internal API capabilities against anticipated baseline standards and plan upgrades needed for certification and directory inclusion
  • Explore opportunities to build commercial schemes that provide enhanced services beyond baseline interoperability
  • Prepare for potential extension into open finance by mapping how data-sharing obligations could apply across adjacent products and services

Short to medium-term impact: 2026

The final quarter of 2025 and the year ahead will see a wave of regulatory changes reshape merchant operations, from cost and compliance pressures to shifts in payments oversight and sustainability reporting. With new packaging obligations, suspended but high-impact interchange reforms, BNPL authorisation, and intensified cybersecurity standards all on the horizon, merchants must prepare for a period of complex, overlapping demands.

FCA changes to payment safeguarding rules

The FCA’s new safeguarding rules aim to strengthen protection of customer funds held by payments firms by codifying existing guidance, introducing new audit and reporting requirements, and enhancing insolvency preparedness. In-scope organisations are payment institutions and e-money institutions. The rules take effect on 7 May 2026.

Safeguarding requires customer funds to be segregated from a firm’s own money so they can be returned swiftly and in full if the firm fails. The FCA’s consultation paper CP24/20, published in September 2024, highlighted significant weaknesses: on average, only 35% of client funds were returned following insolvencies between Q1 2018 and Q2 2023.

The regulator has repeatedly raised concerns through Dear CEO letters (2019, 2020, 2021, 2023, 2025) and a critical multi-firm review in 2019. Interim guidance issued during the COVID-19 pandemic was later incorporated into the FCA’s Approach Document, but compliance gaps persisted.

Although most firms supported raising standards in CP24/20, there was pushback on proposed “end-state” measures such as statutory trusts, direct receipt into safeguarding accounts, and additional FSMA permissions for managing safeguarded investments. The FCA has therefore paused the Post-Repeal Regime, leaving the strengthened Supplementary Regime in PS25/12 as the binding standard from 2026.

Industry groups, including TPA’s Regulatory Working Group, have stressed the need for the Financial Reporting Council to publish a relevant auditing standard to support implementation.

  • Persistent safeguarding weaknesses highlighted by the FCA raise the risk of customer detriment and regulatory intervention
  • From May 2026, failure to comply with the strengthened Supplementary Regime could lead to enforcement, licence restrictions, or removal of permissions
  • Lack of an agreed auditing standard creates uncertainty for firms and their auditors in demonstrating compliance
  • Pushback on “end-state” measures (statutory trusts, direct receipt into safeguarding accounts, FSMA permissions) suggests ongoing regulatory debate, creating planning uncertainty for firms
  • Prepare for annual safeguarding audits and monthly regulatory returns; confirm whether audit exemptions apply
  • Define “reconciliation day” under the revised rules and align processes accordingly
  • Engage auditors early to agree methodologies in the absence of a formal FRC standard
  • Build systems and controls with flexibility to accommodate potential future reforms, including a statutory trust model

Payment Services and Payment Accounts (Contract Terminations) (Amendment) Regulations 2025

From 28 April 2026, amendments to the Payment Services Regulations 2017 and the Payment Accounts Regulations 2015 will introduce stricter requirements for terminating framework contracts. Payment service providers (PSPs) and designated credit institutions will need to give at least 90 days’ notice for contracts entered into on or after that date, up from the current two months.

Termination notices must include sufficiently detailed and specific reasons unless disclosure would be unlawful. Consumers must also be informed of both internal complaint procedures and their right to escalate to the Financial Ombudsman Service. Exceptions are limited to defined cases such as anti-money laundering breaches, suspicion of serious crime, immigration enforcement, or public order offences.

  • Failure to meet the 90-day notice and reasoning requirements could lead to enforcement action, consumer redress, or challenges via the Ombudsman
  • Misapplication of exceptions (e.g. AML, serious crime, immigration) carries legal and reputational risk if not evidenced and documented contemporaneously
  • Providing “sufficiently detailed” reasons risks tension with data-protection and confidentiality obligations, requiring careful drafting
  • Increased volume of disputes and complaints may strain operational capacity and expose control weaknesses
  • Update contract templates to reflect the 90-day notice period and detailed justification requirements
  • Revise termination policies and train staff on the limited circumstances where exceptions can be applied
  • Redraft customer communications to ensure compliant disclosure of reasons, complaints processes, and Ombudsman rights
  • Strengthen recordkeeping and audit trails to evidence lawful application of exceptions and overall compliance

UK BNPL Regulation

From 15 July 2026, Deferred Payment Credit (DPC), more widely known as Buy Now Pay Later (BNPL), will be regulated as a form of credit under the Consumer Credit Act, bringing third-party providers within the scope of FCA oversight. The new regime follows sharp growth in the sector: Research from the FCA, published in May 2025, found that one in five UK adults — around 10.9 million people — had used BNPL at least once in the preceding year, up from 8.8 million in 2022.

The rules will not apply to BNPL products used to finance insurance premiums, employee borrowing schemes, or arrangements provided by registered social landlords, and will only cover agreements entered into from 15 July 2026 onwards. The Government has also confirmed that credit broking of BNPL agreements will remain exempt.

The consultation on the draft rules opened on 18 July 2025 and closes on 26 September 2025. The FCA is expected to publish a policy statement and final rules in early 2026, ahead of the regime’s commencement in July 2026.

  • Firms that fail to secure full FCA authorisation will be unable to offer DPC beyond the temporary permissions regime (TPR) window
  • Missing the two-month TPR registration deadline or six-month application period risks interruption of service and customer harm
  • Inability to meet Consumer Credit sourcebook (CONC) affordability and arrears-support standards could lead to authorisation refusal or enforcement action
  • Reputational risk for providers and partner merchants if customers experience disruption or poor outcomes during the transition
  • Register for the Temporary Permissions Regime (TPR) at least two months before 15 July 2026
  • Submit a full FCA authorisation application within six months of the TPR going live
  • Align products, disclosures, affordability checks, and arrears-handling processes with the FCA’s Consumer Credit sourcebook (CONC)
  • Engage with partner merchants to ensure continuity of service and update contractual terms to reflect regulatory obligations

Department for Science, Innovation and Technology Artificial Intelligence Regulation

The government has confirmed its intention to legislate for artificial intelligence (AI) but has not yet published a timeline. The FCA has welcomed the move and emphasised its commitment to a “technology-agnostic, principles-based and outcomes-focused” approach.

Rather than creating a dedicated statutory AI regulator, the government has asked existing bodies — including the FCA, CMA, ICO, Ofcom and MHRA — to apply a common set of five cross-sector principles within their own remits. These principles are: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress.

  • Sectoral regulators (FCA, PSR, CMA, ICO) are expected to interpret AI principles through existing obligations such as Consumer Duty, operational resilience, and data protection — creating overlapping compliance risks
  • Absence of clear statutory AI rules may result in inconsistent regulatory expectations across sectors
  • Lack of board-level oversight and defined SM&CR accountability for AI use could expose firms to enforcement action and governance failings
  • Use of opaque or biased AI models increases the risk of consumer harm, discrimination claims, and reputational damage
  • Implement AI model governance frameworks covering explainability, bias testing, and consumer redress processes for high-impact use cases such as fraud detection and credit scoring
  • Assign board-level oversight and SM&CR responsibility for AI deployment, with clear reporting lines
  • Develop an AI model register and maintain audit trails to evidence compliance with Consumer Duty, data protection, and operational resilience requirements
  • Build systems with flexibility to adapt to future statutory rules and international AI standards (e.g. EU AI Act), not just current UK principles

FCA Consumer Duty - potential review

The FCA has signalled that it may review implementation of the Consumer Duty in 2026, with particular focus on whether firms are delivering good outcomes in line with its four outcomes framework: products and services, price and value, consumer understanding, and consumer support. In a recent consultation paper, the regulator has highlighted “targeted support” as a possible area for further guidance, stressing that such support should be tailored, non-advisory, and provided free of charge in most cases.

The review is expected to examine how firms evidence outcomes through data and management information, and whether board-level oversight has been embedded effectively. It will also consider the role of reputational risk where poor value or consumer harm is identified.

  • FCA review may expand the scope or tighten interpretation of the Duty, creating compliance gaps if firms have not updated processes
  • Inadequate outcome testing or poor management information could lead to retrospective scrutiny and enforcement action
  • Targeted support may blur into advice if poorly designed, exposing firms to perimeter breaches
  • Heightened reputational risk where outcome data evidences poor value or customer harm
  • Engage with FCA calls for input and track policy statements through 2025–26 to anticipate potential refinements
  • Update compliance frameworks proactively to avoid last-minute operational changes when new guidance is issued
  • Conduct regular reviews of customer journey data, complaints, and product disclosures against Consumer Duty outcomes
  • Strengthen management information and governance processes to evidence compliance and support board oversight

Future outlook: Late 2026 and beyond

From late 2026 onwards, regulation begins to focus on structural reforms and cultural standards rather than immediate operational fixes. These initiatives, spanning digital money, conduct expectations, prudential reforms and settlement cycle, will shape the long-term trajectory of payments markets well into the next decade.

Bank of England digital pound development - potentially shelved

Recent remarks by Andrew Bailey, Governor of the Bank of England, suggest a more cautious stance on introducing a retail central bank digital currency. Bailey noted he would need “a lot of convincing” if commercial banks continue to deliver effective digital payment solutions, questioning the added benefit of a central bank-issued alternative.

This marks a shift from the Bank and HM Treasury’s position just two years earlier, when they anticipated that a digital pound could be introduced before 2030. The Bank’s April 2025 report confirmed that offline payment functionality with a digital pound is technically feasible but highlighted trade-offs around user experience, double-spending, and counterfeiting controls.

  • Strategic uncertainty from the Bank’s cautious stance may delay investment decisions for firms planning CBDC-related services
  • Divergence between the UK and jurisdictions pressing ahead with retail CBDCs could undermine cross-border interoperability and settlement efficiency
  • Risk of misallocated resources if firms deprioritise CBDC readiness but the UK later reactivates plans on an accelerated timeline
  • Potential competitive disadvantage if tokenised deposits and stablecoin frameworks advance faster than a digital pound
  • Prioritise investment in stablecoin infrastructure, tokenised deposits, and interoperability solutions, given stronger regulatory momentum in these areas
  • Monitor Bank of England and HM Treasury communications for any reactivation of digital pound timelines
  • Scenario-plan for both outcomes: no digital pound, and a late but accelerated introduction, to avoid being caught unprepared
  • Engage in cross-industry pilots and standards groups to ensure readiness for whichever digital money model takes precedence

Tackling non-financial misconduct in financial services

From 1 September 2026, the FCA will extend its non-financial misconduct (NFM) rules — covering behaviour such as bullying, harassment, and violence — beyond banks to all FSMA-authorised firms with Part 4A permission. Serious NFM will explicitly fall within the scope of the Code of Conduct (COCON) for individuals in non-banking firms, bringing requirements into line with the banking sector.

The FCA’s September 2025 consultation on Tackling non-financial misconduct in financial services,’ which sought views to ensure consistent application of the rules across the industry, closed on 10 September 2025. The paper covered how NFM should be assessed under conduct rules, fit-and-proper tests, threshold conditions, and regulatory references.

The reforms build on the FCA and Prudential Regulation Authority’s joint Discussion Paper (DP21/2, 2021) and the FCA’s September 2023 consultation (CP23/20). The FCA reports that their proposals gained broad industry support, with 80% of authorised firms and 90% of trade bodies backing their approach.

The FCA plans to review the feedback from the consultation period and set its final regulatory approach before the end of 2025.

The new COCON rule will take effect on 1 September 2026.

  • NFM will become a key factor in assessing employee fitness and propriety under the FCA Handbook’s FIT rules, extending to relevant misconduct outside the workplace (e.g. social media use or personal behaviour)
  • Increased reporting of conduct-rule breaches is expected; high volumes may be misinterpreted externally as poor culture, creating reputational risk
  • Inconsistent handling of NFM cases could expose firms to employment law challenges and regulatory scrutiny
  • Failure to evidence a safe speak-up culture may be treated as a governance weakness under SM&CR
  • Update codes of conduct, HR policies, whistleblowing frameworks, and regulatory references to reflect the new NFM obligations
  • Notify all conduct-rules staff of the extended scope under FSMA section 64B and provide targeted training on how to apply the rules in practice
  • Establish clear investigation and escalation procedures for NFM cases, with defined roles for HR, compliance, and senior managers
  • Enhance management information and board reporting to track NFM cases, speak-up activity, and cultural indicators

Prudential Regulation Authority: Delay to Basel 3.1 Implementation

In January 2025, the PRA, in consultation with HM Treasury, announced a one-year delay to the UK’s implementation of Basel 3.1 standards, moving the start date to 1 January 2027. Basel 3.1 is intended to improve banks’ measurement of risk and standardise approaches to capital calculation, making capital ratios more consistent and comparable across firms.

Although the start date has been pushed back, the PRA has confirmed that full implementation is still targeted for 1 January 2030, with transitional periods shortened to compensate. The decision reflects uncertainty around the US timetable for Basel 3.1 and the UK’s desire to maintain competitiveness and avoid misalignment with other major jurisdictions.

  • Shortened transitional periods increase pressure on banks to deliver model changes, data upgrades, and governance within compressed timelines
  • Ongoing uncertainty around US implementation creates planning challenges and potential divergence in capital requirements
  • Risk that programmes lose momentum during the delay, leading to resourcing gaps and rushed delivery closer to 2027
  • Failure to prepare could result in supervisory findings, higher capital requirements, or reputational impact with regulators and investors
  • Monitor PRA publications on the revised Interim Capital Regime to track changes in transitional capital treatment
  • Maintain Basel 3.1 programme momentum despite the delay, ensuring model changes and data upgrades remain on track
  • Use the pause on Pillar 2 data collection to strengthen underlying systems and controls, so they are ready when requirements resume
  • Refresh internal implementation plans to reflect the 2027 start date and compressed transitional period through to 2030

The Accelerated Settlement Taskforce T+1 settlement

The UK will transition from a T+2 to a T+1 settlement cycle for securities transactions on 11 October 2027. This will require equities and bonds to settle within one business day of execution, improving efficiency and reducing counterparty risk. The Accelerated Settlement Taskforce (AST), chaired by Andrew Douglas, has been appointed to oversee and coordinate the transition, with the FCA and Bank of England providing support as observers.

International alignment is strong: the US, Canada, Mexico, and Argentina moved to T+1 in May 2024, while the EU reached a provisional agreement in June 2025 to adopt T+1 from the same date as the UK. Switzerland is also targeting October 2027. Coordinated adoption reduces the risk of settlement mismatches in cross-border trading.

  • Higher settlement-fail rates and penalties if firms cannot meet the T+1 timetable under settlement discipline regimes
  • Contractual liability to counterparties for financial losses caused by delayed settlement
  • Breach of FCA rules on operational resilience, systems and controls, or conduct of business if firms are inadequately prepared
  • Legal and operational complexity from cross-border mismatches in timing or enforcement across the UK, EU, Switzerland, and North America
  • Increased risk of litigation and client disputes linked to failed or late settlement
  • Upgrade systems, processes, and counterparty arrangements to meet T+1 settlement timelines
  • Begin testing, budget planning, and staff training well ahead of the 2027 implementation date
  • Coordinate with custodians, brokers, and technology providers to ensure readiness and avoid settlement breaks
  • Align fund managers, distributors, and administrators for the shift of unit transactions to T+2
  • Prepare cross-border operating models for simultaneous adoption of T+1 in the UK, EU, and Switzerland, alongside established T+1 markets in North America

International regulatory developments: 2025–2027

Alongside the UK’s domestic agenda, international reforms are reshaping the payments landscape. From the EU’s PSD3, MiCA and Instant Payments Regulation to the US GENIUS Act on stablecoins, firms must navigate multiple regimes that increasingly converge on core principles while diverging in scope, timelines and enforcement.

EU Instant Payments Regulation (SEPA Instant)

From 9 October 2025, euro area Member States will be required to support instant credit transfers in euros. Adoption has so far been limited — instant transfers represented only 14% of transactions by volume and 4% by value in H2 2023, according to data from the European Central Bank.

The Instant Payments Regulation (IPR), adopted in March 2024, amends existing EU payments legislation to mandate that all payment service providers offering euro credit transfers must also offer SEPA instant payments. It requires cost parity with standard transfers, strengthens fraud prevention through Verification of Payee, and introduces daily sanctions screening obligations.

The regulation is intended to accelerate adoption of instant payments, ensuring they become widely available, affordable, and secure for consumers and businesses across the EU.

  • Mandatory Verification of Payee and daily sanctions screening increase data-quality requirements and exception-handling risks
  • Failure to deliver cost parity with standard transfers could expose firms to enforcement or consumer complaints
  • Direct access for non-bank PSPs to TARGET/TIPS intensifies competition, but also raises prudential and operational resilience expectations for new entrants
  • Cross-border interoperability and alignment with UK standards may create compliance complexity for UK groups operating in the EU
  • Upgrade infrastructure to deliver SEPA instant payments with cost parity to standard transfers
  • Implement Verification of Payee solutions and embed daily sanctions screening in line with the Eurosystem framework
  • Strengthen APP fraud monitoring and exception-handling processes to manage liability exposure
  • For UK firms with EU operations, prepare for staggered deadlines and ensure interoperability with SEPA Instant systems

EU PSD3 & PSR - Industry consultations expected through 2026

The European Commission’s proposals for the third Payment Services Directive (PSD3) and a new Payment Services Regulation (EU PSR), published in June 2023, represent the most extensive overhaul of EU payments law since PSD2 in 2016. Draft texts were issued by the Council of the EU in June 2025, with consultations and national transposition expected to run through 2026.

The package seeks to modernise payments rules in response to digitalisation, evolving fraud threats, and the growth of open banking. PSD3, as a directive, will govern licensing and supervision of payment and e-money institutions. The EU PSR, directly applicable across member states, will harmonise technical standards, consumer protections, and security obligations.

Notably, PSD3 will merge PSD2 and the E-Money Directive into a single framework, creating a unified regime for banks, payment institutions, and e-money institutions.

  • Unified licensing regime under PSD3 increases regulatory scrutiny and could require reauthorisation or material changes to permissions
  • Stricter API performance, strong customer authentication (SCA), and reporting requirements will raise compliance costs and technical demands
  • Divergence risk between EU rules and UK open banking framework may create duplication and operational complexity for cross-border firms
  • Failure to adapt systems in time could result in service disruption, loss of passporting rights, or enforcement action by national competent authorities
  • Upgrade technical infrastructure to meet stricter API, SCA, and reporting obligations under the EU PSR
  • Prepare for mandatory real-time transaction monitoring, expanded refund rights, and enhanced payee verification checks
  • Review licensing status under PSD3 and assess whether reauthorisation or changes to permissions will be required
  • For UK-based firms with EU operations, align systems with PSD3/PSR while monitoring divergence from the UK’s payments reforms to avoid duplication

The GENIUS Act

On July 18, 2025, President Trump signed into law the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act, creating the first comprehensive federal licensing and supervisory regime for payment stablecoins. The Act restricts issuance to licensed entities, imposes prudential and reserve requirements, and clarifies their regulatory treatment under US law.

The regime takes effect on 18 January 2027, or earlier if implementing regulations are finalised, and will be overseen by the US Treasury, OCC, Federal Reserve, FDIC, state agencies, and a new interagency Stablecoin Certification Review Committee.

The Act defines payment stablecoins as fully backed, redeemable at par, and subject to reserve segregation, audits, and monthly certifications. It also distinguishes them from securities and commodities, resolving jurisdictional overlap between the SEC and CFTC.

Foreign issuers may operate in the US only if their home regime is judged “substantially similar,” and they must maintain reserves within the US.

  • Issuers face stringent prudential, operational, and disclosure obligations; failure to comply risks licence revocation or enforcement
  • Market entry depends on OCC registration and, for foreign issuers, “substantially similar” home regulation plus US reserve custody — raising compliance costs and barriers to entry
  • Uncertainty over how “substantially similar” will be interpreted could delay or restrict non-US participation
  • Ongoing audit, reserve segregation, and certification requirements create liability for misreporting or control failures
  • Assess OCC registration requirements and prepare licence applications ahead of the 2027 effective date
  • Align custody arrangements to meet segregation and US-based reserve requirements
  • Build systems for monthly reserve certifications, independent audits, and ongoing disclosure obligations
  • For foreign issuers, evaluate whether the home regime is likely to be deemed “substantially similar” and plan for compliance or restructuring if not
  • Review accounting treatment and financial reporting to take advantage of clarified regulatory status

Digital Euro

The European Central Bank (ECB) and European Commission are advancing plans for a retail digital euro, intended to provide a central bank–issued digital means of payment available to consumers and merchants across the euro area. The proposal aims to complement cash, strengthen monetary sovereignty, and support pan-European payments integration.

Design questions remain unresolved, including distribution models, privacy safeguards, offline functionality, and the role of intermediaries. A key issue for payment service providers is how compensation and cost-sharing will be structured, as the legislative framework continues to evolve. The timeline for adoption will extend into the late 2020s, subject to ECB testing and EU legislative progress.

  • Uncertainty around the intermediary compensation model creates commercial risk for banks and PSPs distributing the digital euro
  • Potential overlap with existing instant payment and card infrastructures may lead to revenue displacement or cannibalisation of existing services
  • Strict privacy and data-protection requirements could impose additional compliance burdens
  • Divergence between the EU digital euro and potential UK digital pound or stablecoin regimes could create cross-border interoperability challenges
  • Monitor ECB pilot results and EU legislative progress to assess likely design and distribution models
  • Engage in industry consultations to influence compensation frameworks and technical standards
  • Conduct impact assessments on revenue models, customer demand, and operational requirements compared with current payment rails
  • Plan for interoperability testing with SEPA instant, card networks, and potential UK digital currency or stablecoin regimes

Markets in Crypto-Assets Regulation (MiCA)

The EU’s Markets in Crypto-Assets Regulation (MiCA) creates the first comprehensive pan-European framework for cryptoasset issuance, custody, trading, and marketing. It introduces licensing requirements for cryptoasset service providers (CASPs), disclosure obligations for issuers, prudential and conduct standards, and a regime for stablecoins (asset-referenced tokens and e-money tokens).

Grandfathering for existing firms ends on 1 July 2026, after which all CASPs must be MiCA-authorised to operate. Member states may apply shorter transition periods. MiCA also strengthens rules on market abuse, white papers, and marketing, and will be enforced by national competent authorities across the EU.

  • Firms operating without MiCA authorisation beyond July 2026 risk forced exit from EU markets and enforcement action
  • Exposure to new market-abuse prohibitions and stricter marketing and disclosure standards, with liability for misleading statements
  • Partner or outsourcing arrangements (custody, exchange, marketing) may create hidden perimeter risks if not aligned to MiCA obligations
  • Divergence between MiCA and UK crypto regulation could increase compliance complexity for cross-border groups
  • Undertake a MiCA perimeter review across issuance, custody, trading, and marketing activities to identify authorisation requirements
  • Prepare and submit authorisation applications with supporting governance, capital, and risk frameworks
  • Update white papers, disclosures, and marketing materials to meet MiCA standards

Conclusion

Payments regulation is increasingly defined by faster implementation, broader scope, and higher expectations. Regulators worldwide are embedding stronger consumer protections, mandating greater operational resilience, and tightening oversight of digital assets. At the same time, their focus is widening beyond compliance to embrace interoperability, data standards, and market integrity. This reflects the growing complexity of global payments. Regulatory foresight must be embedded into product design, technology investment, and consumer engagement. The coming years will reward those who treat regulation not as a hurdle but as a platform for trust, competitiveness, and innovation.

Read more Payments Intelligence

Upload your profile photo

You need to be logged in to do this!

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Continue reading

This content is only available to members - please see instructions below!

Become a member to continue reading

Member of The Payments Association? Log in to continue reading